Loading nixos/modules/services/networking/nebula.nix +28 −5 Original line number Diff line number Diff line Loading @@ -95,8 +95,15 @@ in }; listen.port = mkOption { type = types.port; default = 4242; type = types.nullOr types.port; default = null; defaultText = lib.literalExpression '' if (config.services.nebula.networks.''${name}.isLighthouse || config.services.nebula.networks.''${name}.isRelay) then 4242 else 0; ''; description = lib.mdDoc "Port number to listen on."; }; Loading Loading @@ -174,7 +181,15 @@ in }; listen = { host = netCfg.listen.host; port = netCfg.listen.port; port = ( if netCfg.listen.port == null then if (netCfg.isLighthouse || netCfg.isRelay) then 4242 else 0 else netCfg.listen.port ); }; tun = { disabled = netCfg.tun.disable; Loading @@ -185,7 +200,15 @@ in outbound = netCfg.firewall.outbound; }; } netCfg.settings; configFile = format.generate "nebula-config-${netName}.yml" settings; configFile = format.generate "nebula-config-${netName}.yml" ( warnIf ((settings.lighthouse.am_lighthouse || settings.relay.am_relay) && settings.listen.port < 1) '' Nebula network '${netName}' is configured as a lighthouse or relay, and its port is ${builtins.toString settings.listen.port}. You will experience connectivity issues. '' settings ); in { # Create the systemd service for Nebula. Loading Loading @@ -229,7 +252,7 @@ in # Open the chosen ports for UDP. networking.firewall.allowedUDPPorts = unique (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks); unique (filter (port: port != null && port > 0) (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks)); # Create the service users and groups. users.users = mkMerge (mapAttrsToList (netName: netCfg: Loading nixos/tests/nebula.nix +5 −1 Original line number Diff line number Diff line Loading 
@@ -10,6 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let environment.systemPackages = [ pkgs.nebula ]; users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; services.openssh.enable = true; networking.firewall.enable = true; # Implicitly true, but let's make sure. networking.interfaces.eth1.useDHCP = false; services.nebula.networks.smoke = { Loading @@ -17,7 +18,10 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let ca = "/etc/nebula/ca.crt"; cert = "/etc/nebula/${name}.crt"; key = "/etc/nebula/${name}.key"; listen = { host = "0.0.0.0"; port = 4242; }; listen = { host = "0.0.0.0"; port = if (config.services.nebula.networks.smoke.isLighthouse || config.services.nebula.networks.smoke.isRelay) then 4242 else 0; }; }; } extraConfig Loading Loading
nixos/modules/services/networking/nebula.nix +28 −5 Original line number Diff line number Diff line Loading @@ -95,8 +95,15 @@ in }; listen.port = mkOption { type = types.port; default = 4242; type = types.nullOr types.port; default = null; defaultText = lib.literalExpression '' if (config.services.nebula.networks.''${name}.isLighthouse || config.services.nebula.networks.''${name}.isRelay) then 4242 else 0; ''; description = lib.mdDoc "Port number to listen on."; }; Loading Loading @@ -174,7 +181,15 @@ in }; listen = { host = netCfg.listen.host; port = netCfg.listen.port; port = ( if netCfg.listen.port == null then if (netCfg.isLighthouse || netCfg.isRelay) then 4242 else 0 else netCfg.listen.port ); }; tun = { disabled = netCfg.tun.disable; Loading @@ -185,7 +200,15 @@ in outbound = netCfg.firewall.outbound; }; } netCfg.settings; configFile = format.generate "nebula-config-${netName}.yml" settings; configFile = format.generate "nebula-config-${netName}.yml" ( warnIf ((settings.lighthouse.am_lighthouse || settings.relay.am_relay) && settings.listen.port < 1) '' Nebula network '${netName}' is configured as a lighthouse or relay, and its port is ${builtins.toString settings.listen.port}. You will experience connectivity issues. '' settings ); in { # Create the systemd service for Nebula. Loading Loading @@ -229,7 +252,7 @@ in # Open the chosen ports for UDP. networking.firewall.allowedUDPPorts = unique (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks); unique (filter (port: port != null && port > 0) (mapAttrsToList (netName: netCfg: netCfg.listen.port) enabledNetworks)); # Create the service users and groups. users.users = mkMerge (mapAttrsToList (netName: netCfg: Loading
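Review bot: The firewall rule in the last hunk filters on the raw option `netCfg.listen.port`, which now defaults to `null`, so a lighthouse or relay that leaves the port unset gets `4242` in its generated config while nothing is added to `allowedUDPPorts` for it. This fails closed rather than exposing a port, but the node is unreachable through the host firewall and the `warnIf` stays silent because the resolved port is 4242. Resolving the port once in a shared helper, used for both `settings.listen.port` and the firewall list, keeps the two in step. A port overridden through `netCfg.settings` would still bypass the firewall list, so the option description should say so and explain what `null` and `0` mean. The enclosing `let` and module body lie outside the hunks shown.

```nix
# … unchanged: option declarations …

# Port the daemon is configured with: an explicit value wins, otherwise
# 4242 for lighthouses/relays and 0 for plain nodes.
resolveFinalPort = netCfg:
  if netCfg.listen.port != null then netCfg.listen.port
  else if netCfg.isLighthouse || netCfg.isRelay then 4242
  else 0;

# … unchanged: settings attrset, with `port = resolveFinalPort netCfg;` in `listen` …

# Open the chosen ports for UDP.
networking.firewall.allowedUDPPorts =
  unique (filter (port: port > 0)
    (mapAttrsToList (netName: netCfg: resolveFinalPort netCfg) enabledNetworks));
```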
nixos/tests/nebula.nix +5 −1 Original line number Diff line number Diff line Loading @@ -10,6 +10,7 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let environment.systemPackages = [ pkgs.nebula ]; users.users.root.openssh.authorizedKeys.keys = [ snakeOilPublicKey ]; services.openssh.enable = true; networking.firewall.enable = true; # Implicitly true, but let's make sure. networking.interfaces.eth1.useDHCP = false; services.nebula.networks.smoke = { Loading @@ -17,7 +18,10 @@ import ./make-test-python.nix ({ pkgs, lib, ... }: let ca = "/etc/nebula/ca.crt"; cert = "/etc/nebula/${name}.crt"; key = "/etc/nebula/${name}.key"; listen = { host = "0.0.0.0"; port = 4242; }; listen = { host = "0.0.0.0"; port = if (config.services.nebula.networks.smoke.isLighthouse || config.services.nebula.networks.smoke.isRelay) then 4242 else 0; }; }; } extraConfig Loading
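Review bot: The second hunk pins `listen.port` to the same lighthouse/relay conditional that the module now applies to a `null` default, so the default path is never exercised. In particular, the test does not check whether the firewall opens 4242 for a lighthouse that leaves the port unset. Reducing the shared node config to `listen = { host = "0.0.0.0"; };` would exercise that resolution on every node. With `networking.firewall.enable = true` now explicit, the test could also assert that non-lighthouse nodes open no Nebula UDP port, presumably in the test script, which is outside the hunks shown. Whether `config` is bound where the new expression uses it cannot be confirmed from the visible lines.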